Vulnerability Details: CVE-2014-3006
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
Exploit prediction scoring system (EPSS) score for CVE-2014-3006
Probability of exploitation activity in the next 30 days: 0.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~78%
CVSS scores for CVE-2014-3006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2014-3006
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3006
- http://www.securityfocus.com/archive/1/531986/100/0/threaded
  SecurityFocus
- http://seclists.org/fulldisclosure/2014/Apr/317
  Full Disclosure: LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
- http://www.securityfocus.com/bid/67165
  Sitepark Information Enterprise Server CVE-2014-3006 Security Bypass Vulnerability
- https://www.lsexperts.de/advisories/lse-2014-04-10.txt
  Home page
Products affected by CVE-2014-3006
- cpe:2.3:a:sitepark:information_enterprise_server:2.9:*:*:*:*:*:*:*